<?php
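	// Backend login handler. A POST carrying valid credentials populates $_SESSION['m']
	// and redirects to /backend/; every other request falls through to the delay and the
	// redirect back to login.html at the bottom.
	//
	// NOTE(review): the mysql_* extension used here was removed in PHP 7.0. Moving to
	// PDO/mysqli prepared statements requires changing ../libs/db.php as well, so this
	// block only tightens what it can with the existing connection.
	define('BASE_ABS',	'');

	session_start();
	require('../libs/db.php');

	if($_SERVER["REQUEST_METHOD"]=='POST') {
		// Missing or non-string fields (e.g. username[]=x) are treated as empty strings,
		// which is what the escaping call produced for them before, minus the notices.
		$raw_username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$raw_password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

		// mysql_real_escape_string() honours the connection character set, which
		// mysql_escape_string() does not. It needs the link that ../libs/db.php is
		// presumed to open (mysql_query() below relies on the same default link).
		$username = mysql_real_escape_string($raw_username);

		// SECURITY(review): unsalted MD5 is a fast hash and unsuitable for password storage.
		// Migrating to password_hash()/password_verify() needs a wider `password` column and
		// a rehash-on-login step, so it is flagged here rather than changed. The escape
		// before hashing is kept byte-for-byte so existing stored hashes still match; the
		// hex digest itself is safe to interpolate.
		$password = md5(mysql_escape_string($raw_password));

		$sql = "SELECT * FROM `control_user` WHERE `username` = '$username' AND `password` = '$password' LIMIT 1";
		$query = mysql_query($sql);

		// mysql_query() returns false on failure; treat that as a failed login instead of
		// passing false to the fetch/free calls.
		if ($query !== false) {
			$result = mysql_fetch_assoc($query);
			mysql_free_result($query);

			if ($result) {
				// Issue a fresh session id at the privilege change so an id that was known
				// before authentication cannot be reused afterwards (session fixation).
				session_regenerate_id(true);

				// NOTE(review): SELECT * copies the whole row, including the `password`
				// hash, into the session. Other pages may read $_SESSION['m'], so the shape
				// is left as is; confirm and drop the hash if nothing depends on it.
				$_SESSION['m'] = $result;
				$_SESSION['m']['mod'] = AclMod($result['user_id']);
			//	 AclLog('/login', $result['user_id']);
				header('location: /backend/');
				exit;
			}
		}
	}

	// Count the attempt without reading an undefined session key on the first visit.
	$_SESSION['att'] = empty($_SESSION['att']) ? 1 : $_SESSION['att'] + 1;

	// Fixed delay on every request that reaches this point (failed POSTs and non-POSTs).
	// NOTE(review): this slows guessing but is not a lockout. The counter lives in the
	// session, so a client that discards its cookie starts again at 1, and each waiting
	// request holds a PHP worker for three seconds. Per-account or per-IP throttling
	// stored server-side would be needed for an actual limit.
	sleep(3);

	header('location: login.html?attempt='. $_SESSION['att']);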

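/*	NOTE(review): disabled audit logger, kept for reference. As written it would store the
	full request body via http_build_query($_POST) - for the '/login' call that includes the
	plaintext password - and it places $action, $params, $headers and X-Forwarded-For into
	the INSERT without escaping. Escape or parameterise every value and drop credential
	fields before re-enabling.

	function AclLog($action, $user_id='NULL') {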
		$action = $action ? $action : '/';
		if($_SERVER["REQUEST_METHOD"]=='POST') {
			$params = http_build_query($_POST);
		} else { 
			$params = http_build_query($_GET); 
		}
		$headers = array();
		foreach (apache_request_headers() as $k => $v) {
			$headers[] = $k.': '.$v;
		}
		$headers = implode(PHP_EOL, $headers);
		$ip		= $_SERVER['REMOTE_ADDR'];
		$ipx	= $_SERVER['HTTP_X_FORWARDED_FOR'] ? "'".$_SERVER['HTTP_X_FORWARDED_FOR']."'" : 'NULL';
		$sql	= "INSERT INTO `control_log` (`log_id`, `action`, `params`, `headers`, `ip`, `ipx`, `date`, `user_id`) VALUES ('', '$action', '$params', '$headers', '$ip', $ipx, NOW(), $user_id)";
		return mysql_query($sql);

	}*/

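	/**
	 * Load the module ids granted to a user from `control_acl`.
	 *
	 * @param mixed $user_id Value matched against `control_acl`.`user_id`.
	 * @return array Map of mod_id => mod_id; empty when no row matches or the query fails.
	 */
	function AclMod($user_id) {
		// Escape inside the function so the query stays well-formed whatever the caller
		// passes; the value used to be interpolated as-is. Uses the default mysql link,
		// presumably opened by the file that includes the DB library.
		$safe_user_id = mysql_real_escape_string((string) $user_id);
		$sql = "SELECT * FROM `control_acl` WHERE `user_id` = '$safe_user_id'";
		$query = mysql_query($sql);

		$mod = array();

		// A failed query grants no modules (fail closed) rather than passing false to
		// the fetch/free calls.
		if ($query === false) {
			return $mod;
		}

		// Keyed by mod_id so callers can test membership with isset().
		while ($row = mysql_fetch_assoc($query)) {
			$mod[$row['mod_id']] = $row['mod_id'];
		}
		mysql_free_result($query);

		return $mod;
	}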

?>